summaryrefslogtreecommitdiff
path: root/src/modules
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2008-04-08 23:27:49 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2008-04-08 23:27:49 +0000
commit2e1cd4fb317ca2f0bd453b8c43670ff6adb3bb8f (patch)
tree61b22f9cb45ececa4cb4087ffad65d8fb23e4c80 /src/modules
parent149ed936a85e5483f8fd99060ab1acbc4d360ba9 (diff)
Fix authentication logic, someone forgot to change an || to an &&, because we use continue now the logic is reversed, we continue if auth method one fails AND auth method two fails
(instead of if auth method one fails OR auth method two fails) Also, fix bug where credentials of outbound server are leaked on successful auth to other ircds behind it git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9437 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/m_spanningtree/server.cpp19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index b609202d5..55bb98008 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -130,9 +130,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
if (x->Name != servername && x->Name != "*") // open link allowance
continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) ||
- (x->RecvPass != password && !this->GetTheirChallenge().empty()))
+ if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+ (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ {
+ this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
continue;
+ }
TreeServer* CheckDupe = Utils->FindServer(sname);
if (CheckDupe)
@@ -163,7 +166,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
Utils->TreeRoot->AddChild(Node);
params[4] = ":" + params[4];
+
+
+ /* IMPORTANT: Take password/hmac hash OUT of here before we broadcast the introduction! */
+ params[1] = "*";
Utils->DoOneToAllButSender(Instance->Config->GetSID(),"SERVER",params,sname);
+
Node->bursting = true;
this->DoBurst(Node);
return true;
@@ -218,9 +226,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
if (x->Name != servername && x->Name != "*") // open link allowance
continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) ||
- (x->RecvPass != password && !this->GetTheirChallenge().empty()))
+ if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+ (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ {
+ this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
continue;
+ }
/* Check for fully initialized instances of the server by id */
Instance->Logs->Log("m_spanningtree",DEBUG,"Looking for dupe SID %s", sid.c_str());